General

  • Target

    PO23043-WT0540500856808075.PDF.img

  • Size

    1.2MB

  • Sample

    230828-rpwv9sef5z

  • MD5

    ac273df922275fee23d2549b30a53960

  • SHA1

    3eb74eb8b202ca5642c26bf6900e79c46e6bddb2

  • SHA256

    d11539b688587eec5e9939b6c85f76613cdf16187e8d25afcc52883f8134272e

  • SHA512

    9f1f969ec4bd37031d3e6e2f021d5cd9bb1c23af3162de914434fc5c7ad4ced389e9296a6307a071f77c911146df4a95e4d4747d2df126865d8bd1b43d2589dc

  • SSDEEP

    6144:fYa6/oSLCCe6xEoeELdWc9K4TDRnqoW/U6k33K9uu:fYZre6xEohLNJTDRniG3X

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sy22

Decoy

Targets

    • Target

      PO23043_.EXE

    • Size

      313KB

    • MD5

      c1d14a0b29a7f3829d1361363ec2e9b1

    • SHA1

      11aa2f0448e47835ec84f975c13b9bdb762e7ad3

    • SHA256

      b2d76e91d736201b7e8fb9780594693cfc3106285a4886e9b40007fdd7e56359

    • SHA512

      e85b8aef71f36657e32c8e7c38b34834774e8ffc782bcb34f6e75e2634b6725ddae97dac7f9f73c09099d5a656bde10c5ef5bad068db951a7f48990dc98c916b

    • SSDEEP

      6144:zYa6/oSLCCe6xEoeELdWc9K4TDRnqoW/U6k33K9uuo:zYZre6xEohLNJTDRniG3XN

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks